high
7.6
CWE
522
Advisory Published
Updated

CVE-2022-23538: User credentials leaked to third-party service via HTTP redirect in scs-library-client

First published: Tue Jan 17 2023(Updated: )

github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services (SCS) Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectly leaked to an S3 backing storage provider. This occurs in a specific flow, where the library service redirects the client to a backing S3 storage server, to perform a multi-part concurrent download. Depending on site configuration, the S3 service may be provided by a third party. An attacker with access to the S3 service may be able to extract user credentials, allowing them to impersonate the user. The vulnerable multi-part concurrent download flow, with redirect to S3, is only used when communicating with a Singularity Enterprise 1.x installation, or third party server implementing this flow. Interaction with Singularity Enterprise 2.x, and Singularity Container Services (cloud.sylabs.io), does not trigger the vulnerable flow. We encourage all users to update. Users who interact with a Singularity Enterprise 1.x installation, using a 3rd party S3 storage service, are advised to revoke and recreate their authentication tokens within Singularity Enterprise. There is no workaround available at this time.

Credit: security-advisories@github.com

Affected SoftwareAffected VersionHow to fix
Sylabs Singularity Container Services Library=1.3.2
Sylabs Singularity Container Services Library=1.3.3
Sylabs Singularity Container Services Library=1.4.0
Sylabs Singularity Container Services Library=1.4.1

Remedy

https://github.com/sylabs/scs-library-client/commit/68ac4cab5cda0afd8758ff5b5e2e57be6a22fcfa

Remedy

https://github.com/sylabs/scs-library-client/commit/b5db2aacba6bf1231f42dd475cc32e6355ab47b2

Remedy

https://github.com/sylabs/scs-library-client/commit/eebd7caaab310b1fa803e55b8fc1acd9dcd2d00c

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2022-23538?

    CVE-2022-23538 is a vulnerability in the Singularity Container Services (SCS) Container Library Service.

  • What is the severity of CVE-2022-23538?

    CVE-2022-23538 has a severity rating of 7.6 (high).

  • Which software versions are affected by CVE-2022-23538?

    Versions 1.3.2, 1.3.3, 1.4.0, and 1.4.1 of the Sylabs Singularity Container Services Library are affected by CVE-2022-23538.

  • How does CVE-2022-23538 affect the scs-library-client?

    When the scs-library-client is used to pull a container image with authentication, it may send an incorrect HTTP Authorization header to the library service.

  • How can I fix CVE-2022-23538?

    To fix CVE-2022-23538, update your Sylabs Singularity Container Services Library to a version that includes the necessary security patches.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203